While a subscriber roams in a mobile network, the mobile terminal updates its location by using a location update procedure. The procedure is initiated when the current location area identifier either broadcast or sent as a dedicated system information by the radio access network changes. In this process, the authentication or security parameters used to enable security, authentication or ciphering procedures e.g. in the air interface are required for the new connection leg as well.
When the location area changes, the serving Visitor Location Register (VLR) may change, too. In such a situation, the new VLR receives an identification confirmation information, such as security or authentication parameters and an International Mobile Subscriber Identity (IMSI) from the previous or old VLR.
Then, the relation between an old Temporary Mobile Subscriber Identity (TMSI), allocated to the mobile terminal, and the IMSI is lost in the old VLR. Moreover, as a part of the location update procedure, the HLR sends the subscriber parameters which need to be known by the new VLR for proper call handling.
In particular, data related to the location of the mobile terminal and to the management of the subscriber is exchanged between the HLR and the VLR. The main service provided to the mobile subscriber is the capability to set up or to receive calls within the whole service area. To support this, the location registers have to exchange data. The HLR sends to the VLR all the data needed to support the service to the mobile subscriber. The HLR then instructs the previous VLR to cancel the location registration of this subscriber. Exchanges of data may occur when the mobile subscriber receives a particular service, when he wants to change some data attached to his subscription or when some parameters of the subscription are modified by administrative means. Accordingly, the HLR is a database in charge of the management of the mobile subscribers.
A mobile network may contain one or several HLRs depending on the number of subscribers, on the capacity of the equipment and on the organisation of the network. Two kinds of information are stored in the HLR: the subscription information and some location information enabling the charging and routing of calls towards the Mobile Switching Centre (MSC) where the mobile terminal is located. Two types of numbers are attached to each mobile subscription and are stored in the HLR: the IMSI and one or more Mobile Station International ISDN numbers (MSISDN). The IMSI or the MSISDN may be used as a key to access the information in the database for a mobile subscription.
The VLR contains a database which includes the IMSI, the MSISDN, a Mobile Station Roaming Number for mobile terminals having an ongoing call, the TMSI if applicable, a Local Mobile Station Identity if used, the location area where the mobile terminal has been registered and which is used to call the station. The above information is passed between the VLR and the HLR by the procedures described in the GSM specification 03.12. The organisation of the subscriber data is outlined in the GSM specification 03.08.
Furthermore, an Authentication Centre (AuC) is associated with the HLR and stores an identity for each mobile subscriber registered with the associated HLR. This key is used to generate data used to authenticate the IMSI and a key used to cipher communication over the radio path between the mobile terminal and the mobile network. The procedures used for authentication and ciphering are described in the GSM specification 03.20.
The development of the third generation UMTS network has led to a release 99 GSM/UMTS system in which a new type of Subscriber Identity Module (SIM) is introduced as the UMTS Subscriber Identity Module (USIM), and new security parameters associated with it. The security function associated with the GSM SIM utilise GSM Authentication Vectors (AVs), i.e. GSM triplets. The new security functions associated with the UMTS USIM utilise UMTS AVs consisting of UMTS quintuplets comprising additional authentication parameters required for the UMTS network.
However, a problem arises, when a USIM mobile terminal roams from a non-UMTS capable GSM MSC/VLR (release 98 MSC/VLR) to a UMTS capable GSM MSC/VLR (release 99 MSC/VLR), for the following reasons.
Initially, the release 98 MSC/VLR contains the subscriber data and the security parameters for the subscriber. Due to a subscriber movement, the following scenario is executed. The UE notices the change of the location area and starts a location update procedure by sending a L3-MM LOCATION UPDATE REQUEST message to the mobile network. The new MSC/VLR identifies that the old location area from where the UE is coming is controlled by another MSC/VLR. It initiates a MAP (Mobile Application Part) version 3 negotiation towards the old MSC/VLR, and a fall-back to MAP version 2 is performed, since the old release 98 MSC/VLR only supports MAP version 2. The new MSC/VLR sends the old location area identifier and the TMSI to the old MSC/VLR in order to retrieve the IMSI and the authentication parameters. In response thereto, the old release 98 MSC/VLR returns the IMSI and the GSM triplets (GSM AVs) of the subscriber. Here, the problem arises, since the new release 99 MSC/VLR does not know whether the subscriber has a USIM in the mobile terminal and whether UMTS AVs should be used.
In the new MAP version 3 operations, a SEND IDENTIFICATION message used between VLRs and a SEND AUTHENTIFICATION INFO message used between the VLR and the HLR are already specified in the release 99 GSM-UMTS to support the transmission of UMTS AVs. However, the way they are used in the specification does not cope with the above problem.
Furthermore, a mechanism for achieving intersystem operability between UMTS and GSM networks has been suggested for allowing secure interoperation between both networks for GSM users (SIM). According to the suggested mechanism, the MSC/VLR is able to derive a UMTS authentication vector from a received GSM authentication vector, by means of standardised conversion functions, in order to provide the UMTS security parameters to the UMTS radio access network. On the mobile side, the UE derives the UMTS authentication parameters from the GSM authentication parameters by means of the standardised conversion functions when the mobile terminal is located in the UMTS radio access network.
However, also in this case, the above problem arises in case a new MSC/VLR does not know the SIM type provided in the mobile terminal.